Overview: In almost every year since 2000, the Internet Crime Complaint Center has reported an increase in cybersecurity crime reports by individuals and organizations. Over the last dozen years, the number of attacks reported in the United States seems to grow consistently over time. After examining this trend, the question arises: Is there anything an organization can do to stop these attacks from occurring and protect their critical information systems from intruders?

Business leaders need to understand the risks that face their organization if they are to effectively mitigate those risks. In this SANS Analyst Program whitepaper, we will discuss the actual threats facing organizations today in a realistic and measured way. Then we will examine the methods dedicated attackers use to compromise systems using the ?intrusion kill chain? as a model. Finally, we will consider specific defenses, as outlined by the first four Critical Security Controls (CSCs), which organizations can implement to keep future attacks from succeeding.